b"Department of Homeland Security\n   Of\xef\xac\x81ce of Inspector General\n\n             Evaluation of DHS' Security \n\n            Program and Practices For Its \n\n     Intelligence Systems For Fiscal Year 2009 \n\n\n             (Unclassified Summary) \n\n\n\n\n\nOIG-09-92                                   July 2009\n\x0c                                                                          U.S. Department of\n                                                                          Homeland Security\n                                                                          Washington, DC 20528\n\n\n\n\n                                Office of Inspector General\n                Evaluation of DHS\xe2\x80\x99 Security Program and Practices For Its\n                      Intelligence Systems For Fiscal Year 2009\n                                       OIG-09-92\n\n\nWe reviewed the Department of Homeland Security\xe2\x80\x99s enterprise-wide security program\nand practices for its Top Secret/Sensitive Compartmented Information intelligence\nsystems. Pursuant to Federal Information Security Management Act of 2002, we\nreviewed the department\xe2\x80\x99s security management, implementation, and evaluation of its\nintelligence activities, including its policies, procedures, and system security controls for\nenterprise-wide intelligence systems. In doing so, we assessed the department\xe2\x80\x99s Plan of\nAction and Milestones, certification and accreditation, privacy, and incident reporting\nprocesses, as well as its security training and awareness program.\n\nThe department continues to maintain an effective enterprise-wide information security\nmanagement program for its intelligence systems. Overall, information security\nprocedures have been documented and adequate security controls have been\nimplemented. Nonetheless, management oversight and operational issues remain\nregarding the effectiveness of the program. Concerns with the Plan of Action and\nMilestones process and the implementation of a formal information system security\ntraining and awareness program for intelligence personnel still exist. Further, the\nIntelligence and Analysis office, having become responsible for the U.S. Coast Guard\nintelligence systems reporting, has not provided a current authority to operate to the U.S.\nCoast Guard for its Coast Guard Intelligence Support System. Additionally, the\nIntelligence and Analysis office should continue to provide management oversight to\nensure that the U.S. Coast Guard maintains an effective information technology security\nprogram and complies with the Federal Information Security Management Act and\nDepartment of Homeland Security requirements. Fieldwork was conducted from May\nthrough July 2009. (OIG-09-92, July 2009, IT)\n\x0cADDITIONAL INFORMATION AND COPIES\n\nTo obtain additional copies of this report, please call the Office of Inspector General (OIG) at (202) 254-4100,\nfax your request to (202) 254-4305, or visit the OIG web site at www.dhs.gov/oig.\n\n\nOIG HOTLINE\n\nTo report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal or noncriminal\nmisconduct relative to department programs or operations:\n\n\xe2\x80\xa2 Call our Hotline at 1-800-323-8603;\n\n\xe2\x80\xa2 Fax the complaint directly to us at (202) 254-4292;\n\n\xe2\x80\xa2 Email us at DHSOIGHOTLINE@dhs.gov; or\n\n\xe2\x80\xa2 Write to us at:\n       DHS Office of Inspector General/MAIL STOP 2600,\n       Attention: Office of Investigations - Hotline,\n       245 Murray Drive, SW, Building 410,\n       Washington, DC 20528.\n\n\nThe OIG seeks to protect the identity of each writer and caller.\n\x0c"